<?php
include "header.php";
include "mysqli_connection.php";

if (isset($_SESSION["username"])){
	echo "<script>window.location.href='managehome.php'</script>";
}
?>
<script>change_picture("admin");</script>
<h1>Log in</h1>
<?php
if (isset($_POST["username"]) && isset($_POST["password"])){
	$query = "SELECT username FROM Managers WHERE (username=?) AND (password=?);";
	$stmt = $mysqli->stmt_init();
	if ($stmt = $mysqli->prepare($query)){
		$stmt->bind_param("ss", $_POST["username"], $_POST["password"]);
		$stmt->execute();
		$stmt->bind_result($username);
		if ($stmt->fetch()){
			$_SESSION["username"] = $username;
			echo "<script>window.location.href='managehome.php'</script>";
		}
		else{
			echo "<div style = 'color:red;'>Invalid username or password!</div>";
		}
		$stmt->close();
	}
}
?>
<form action = "#" method = "post">
<label for = "username">Username: </label><input type = "text" name = "username" /><br />
<label for = "password">Password: </label><input type = "password" name = "password" /><br />
<input type = "submit" value = "Log in" /><input type = "button" value = "Cancel" onclick = "window.location.href = 'index.php';"/>
</form>
<?php
include "footer.php";